QUESTION 151Which two statements about the SHA-1 algorithm are true? (Choose two)

A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.D. The purpose of the SHA-1 algorithm is to provide data confidentiality.E. The purpose of the SHA-1 algorithm is to provide data authenticity.

Answer: BE

QUESTION 152Refer to the exhibit. What is the meaning of the given error massage?

A. Ike is disable on the remote peerB. The mirrored crypto ACLs are mismatchedC. The pre-shared keys are mismatchedD. The PFS group are mismatched

QUESTION 154Refer to the exhibit. What are two TLS inspection methods you could implement for outbond internet traffic that can prevent the given untrusted error? (Choose two)

A. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the clientB. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.C. Download a copy of the private key from the content provider,D. Update your organizational procedures to instruct users to click “I Understand the Risks” to accept the error and continueE. Conditionally decrypt traffic based c$ trust level Store private keys in a FIPS Level 2 HSM on the inspection appliance

Answer: AB

QUESTION 155Drag and Drop QuestionDrag each IPv6 extension header on the left into the recommended order for more than one extension header in the same IPv6 packet on the right.

Answer:

QUESTION 156What are two action you can take to protect against DDOS attacks on cisco router and switches?(Choose two)

A. SOX is an IEFT compliance procedure for computer systems security.B. SOX is a US law.C. SOX is an IEEE compliance procedure for IT management to produce audit reports.D. SOX is a private organization that provides best practices for financial institution computer systems.E. Section 404 of SOX is related to IT compliance.

A. They requires cooperation with the service provider to implement transport of non-IP traffic.B. SLAs are not supported by the service provider.C. It requires customers to implement QoS to manage congestion in the network.D. Integration between Layers 2 and 3 peering services is not supported.E. They may be limited by the technology offered by the service provider.F. They can transport only IPv6 routing traffic.

QUESTION 161Refer to the exhibit. After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?

A. R2 received a packet with an incorrect area form the loopback1 interfaceB. OSPFv3 area authentication is missingC. R1 received a packet with an incorrect area from the FastEthernet0/0 interfaceD. The SPI and the authentication key are unencryptedE. The SPI value and the key are the same on both R1 and R2

Answer: C

QUESTION 162Which statement about ICMPv6 filtering is true?

A. B. C. D. E. F.

Answer: B

QUESTION 163Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)

A. Loose mode requires the source address to be present in the routing table.B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.D. Strict mode requires a default route to be associated with the uplink network interface.E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.F. Both loose and strict modes are configured globally on the router.

QUESTION 164What protocol does IPv6 Router Advertisement use for its messages?

A. TCPB. ICMPv6C. ARPD. UDP

Answer: B

QUESTION 165Drag and Drop QuestionDrag each ESP header field on the left into the corresponding field-length category on the right

Answer:

QUESTION 166When TCP intercept is enabled in its default mode, how does it react to a SYN request?

A. It intercepts the SYN before it reaches the server and responds with a SYN-ACKB. It drops the connectionC. It monitors the attempted connection and drops it if it fails to establish within 30 secondsD. It allows the connection without inspectionE. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established

QUESTION 167Refer to the exhibit. What are the two effects of the given configuration? (Choose two)

A. It permits Time Exceeded messages that indicate the fragment assembly time was exceededB. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filteringC. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagramD. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header FiledE. It permits Parameter Problem messages that indicate an error in the headerF. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram

A. By default, configuring HSRP on the interface disables ICMP redirect functionality.B. They are generated when a packet enters and exits the same router interface.C. The messages contain an ICMP Type 3 and ICMP code 7.D. They are generated by the host to inform the router of an alternate route to the destination.E. Redirects are only punted to the CPU if the packets are also source-routed.

Answer: AB

QUESTION 170Which two statements about NAT-PT with IPv6 are true? (Choose two)

A. It can be configured as dynamic, static, or PAT.B. It provides end-to-end security.C. It supports IPv6 BVI configurations.D. It provides support for Cisco Express Forwarding.E. It provides ALG support for ICMP and DNS.F. The router can be a single point of failure on the network.

Answer: AE

QUESTION 171Which of the following Cisco IPS signature engine has relatively high memory usage ?

A. The STRING-TCP engineB. The STRING-UDP engineC. The NORMALIZER engineD. The STRING-ICMP engine

QUESTION 173Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server ?

A. Configure the IP local pool command on R2B. Configure DHCP option 150 on R2C. Configure the IP helper-address command on R2 to use R1’s ip addressD. Configure the IP helper-address command on R1 to use R2’s ip addressE. Configuration DHCP option 82 on R1F. Configure the ip local pool command on R1

Answer: C

QUESTION 174Which two statements about LEAP are true? (Choose two)

A. It is compatible with the PAP and MS-CHAP protocolsB. It is an ideal protocol for campus networksC. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keysD. It is an open standard based on IETF and IEEE standardsE. It is compatible with the RADIUS authentication protocolF. Each encrypted session is authentication by the AD server

Answer: EF

QUESTION 175Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol UnreachableB. Destination Unreachable-port UnreachableC. Time Exceeded-Time to Live exceeded in TransitD. Redirect-Redirect Datagram for the HostE. Time Exceeded-Fragment Reassembly Time ExceededF. Redirect-Redirect Datagram for the Type of service and Host